The government’s long-touted Single Patient Record (SPR) has existed for months as a lofty idea without a concrete plan. It was announced in October, given space in the 10-Year Health Plan, and promoted as a way to transform health services. Yet beyond broad objectives, details remain thin.

‍

In May, NHS England invited potential suppliers to share ideas about what the SPR could become. That consultation has ended, and the feedback has been summarised. While the process has not produced a blueprint, it does offer clues about the priorities, risks and possible structure of the record.

‍

‍The case for common standards

A consistent theme in supplier responses was the need for interoperability. Many called for the SPR to use established, open data standards such as Fast Healthcare Interoperability Resources and open Electronic Health Record formats. This would allow for seamless data sharing, the integration of older systems and space for third-party innovation.

‍

Suppliers warned that a lack of standardisation would pose a major risk. They argued that adopting proven international standards would avoid the costly mistakes of creating bespoke systems that do not connect.

‍

The question of “write-back” was also raised. Many suppliers believe the SPR should be able to update source systems so that there is always one accurate version of the record. However, they suggested that this feature should come later, once the basic infrastructure is in place.

‍

‍A modular path forward

Suppliers showed a clear preference for a modular approach. Building the SPR in small, manageable blocks would be less disruptive and more adaptable than launching it all at once. Small and medium-sized enterprises (SMEs) in particular said that a modular system would give them opportunities to contribute specialist components.

‍

This view aligns with a recent report from the Tony Blair Institute, which urged procurement reforms that favour SME-led consortia. The logic is that smaller suppliers can offer agility and niche expertise that large technology firms often lack.

‍

Who owns the data?

Data ownership was one area where suppliers wanted much greater clarity. They asked where the data would be stored, who could update it and who would be accountable for accuracy.

‍

The government has spoken about empowering patients by giving them control of their own records. However, supplier feedback suggests caution. Concerns include risks to clinical accuracy, accountability and compliance with information governance rules. If patients could withhold certain details, clinicians might be unable to deliver safe care.

‍

The long-term plan appears to be for the Department of Health and Social Care to act as the data controller. This may address some operational concerns but leaves open the question of whether the public will trust such an arrangement.

‍

The public’s mistrust is not misplaced

Recent headlines offer plenty of reasons why patients might be uneasy about the SPR. In the Netherlands, hackers accessed the personal details of half a million women who had taken part in a cervical cancer screening programme. In the United States, a court found Meta, the parent company of Facebook and Instagram, liable for using data from the period-tracking app Flo to target adverts.

‍

Closer to home, UK police guidance issued this year revealed that officers can request information from menstrual health apps to check whether a pregnancy was terminated after the 24-week legal limit. Privacy campaigners have warned that women should think twice before using such apps.

‍

The lesson is clear. Public concern is not solely about cybercrime. It is also about the legitimate misuse of data by institutions, whether private companies or state agencies.

‍

The road ahead

For the SPR to succeed, the technology must be built on open standards and modular design. Yet technology alone will not be enough. The government must address legitimate concerns about data ownership, accuracy and trust. Without this, the SPR risks becoming another expensive digital project that fails to win over the people it is meant to serve. The SPR could transform the NHS. Or it could become another cautionary tale. The difference will depend less on the coding and more on whether the public believes their information is safe, accurate and handled with respect.